What is CVE-2019-10218?

CVE-2019-10218 is a vulnerability found in the Samba client in all versions before 4.11.2, 4.10.10, and 4.9.15, allowing a malicious server to supply a pathname with separators to access files and folders outside of the SMB network pathnames.

What is the severity of CVE-2019-10218?

CVE-2019-10218 has a severity rating of 6.5 (medium).

How does CVE-2019-10218 impact Samba?

CVE-2019-10218 allows a malicious server to manipulate the Samba client by supplying a pathname with separators, potentially granting unauthorized access to files and folders outside of the intended network pathnames.

Which versions of Samba are affected by CVE-2019-10218?

CVE-2019-10218 affects all Samba versions before 4.11.2, 4.10.10, and 4.9.15.

How can I mitigate CVE-2019-10218?

To mitigate CVE-2019-10218, it is recommended to update Samba to version 4.11.2, 4.10.10, or 4.9.15, which contain the necessary security patches.

Vulnerability/
CVE-2019-10218

medium

6.5

CWE

18/10/2019

6/11/2019

4/8/2024

CVE-2019-10218: Path Traversal

First published: Fri Oct 18 2019(Updated: )

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Samba Samba	<4.9.15
Samba Samba	>=4.10.0<4.10.10
Samba Samba	>=4.11.0<4.11.2
Fedoraproject Fedora	=29
Fedoraproject Fedora	=31
redhat/samba	<4.9.15	4.9.15
redhat/samba	<4.10.10	4.10.10
redhat/samba	<4.11.2	4.11.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-10218?
CVE-2019-10218 is a vulnerability found in the Samba client in all versions before 4.11.2, 4.10.10, and 4.9.15, allowing a malicious server to supply a pathname with separators to access files and folders outside of the SMB network pathnames.
What is the severity of CVE-2019-10218?
CVE-2019-10218 has a severity rating of 6.5 (medium).
How does CVE-2019-10218 impact Samba?
CVE-2019-10218 allows a malicious server to manipulate the Samba client by supplying a pathname with separators, potentially granting unauthorized access to files and folders outside of the intended network pathnames.
Which versions of Samba are affected by CVE-2019-10218?
CVE-2019-10218 affects all Samba versions before 4.11.2, 4.10.10, and 4.9.15.
How can I mitigate CVE-2019-10218?
To mitigate CVE-2019-10218, it is recommended to update Samba to version 4.11.2, 4.10.10, or 4.9.15, which contain the necessary security patches.

collector/nvd-api
collector/nvd-index
agent/author
agent/type
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/severity
agent/references
agent/weakness
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-10218
agent/software-canonical-lookup
agent/tags
agent/event
collector/mitre-cve
source/MITRE
vendor/samba
canonical/samba samba
version/samba samba/4.10.0
version/samba samba/4.11.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/29
version/fedoraproject fedora/31
package-manager/redhat